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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)13 Responsive to communication(s) filed on 07 February 2002 . 
2a)D This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) |3 Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) E3 Claim(s) 1-21 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)S accepted or b)D objected to by the Examiner, 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Claim Rejections - 35 USC § 112 

1 . The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

2. Claims 6-12 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

3. Claim 6 recites the limitation "second individual identity" in line 7. There is 
insufficient antecedent basis for this limitation in the claim. All other claim are 
rejected on the virtue of their dependency. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this 

Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for patent or 
(2) a patent granted on an application for patent by another filed in the United States before 
the invention by the applicant for patent, except that an international application filed under 
the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an 
application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 
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2. Claims 1-5 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Lockhart US (6,230272). 

Regarding claim 1: Lockhart discloses a method of securing security data stored 
on a computer system (see abstract) comprising the steps of: 
Providing a data key to the computer system; (Col 3, lines 39-46) 
Transforming the security data with the data key in a reversible fashion to 
produce encoded secure data such that the data key is required in order to 
perform a reverse transform and extract the security data from the encoded 
secure data; and (Col 4, lines 35-43) 

storing the encoded secure data in a fashion such that a user authorization 
process is used to retrieve the encoded secure data such that the data'key and 
the user authorization process in combination, provide access to the security 
data and such that the stored data within the computer system is encoded. (Col 
4, lines 43-45 and Col 4, lines 59-65) 

Regarding claim 2: Lockhart discloses the method of securing security data 
stored on a computer system according to claim 1 , wherein a same security data 
is encoded with several different data keys to provide several different encoded 
secure data such that a combination of user authorization and any of a plurality 
of data keys allows for retrieval and decoding. (Col 5, lines 22-28 and Col 5, lines 
52-62) 
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Regarding claim 3: Lockhart discloses the method of securing security data 
stored on a computer system according to claim 1 , wherein a same security data 
is encoded with several different data keys to provide several different encoded 
secure data ( Col 5, lines 18-28) and wherein each encoded secure data is 
associated with one or more user authorization processes such that a 
combination of one or more user authorization processes and any of a plurality of 
data keys allows for retrieval and decoding. ( Col 6, lines 8-24 and Col 7, lines 
22-27) 

Regarding claim 4: Lockhart discloses the method of securing security data 
stored on a computer system according to claim 1 , wherein the user 
authorization process is a biometric information verification process. ( Col 3, lines 
45-49) 

Regarding claim 5: Lockhart discloses the method of securing security data 
stored on a computer system according to claim 1, wherein the data keys include 
a password. ( Col 4, lines 3-8) 

3. Claims 6-10, 13-15 and 18-21 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Bjorn US (6,035,398). 



Regarding claims 6 and 13: A method of securing security data stored on a 
computer system comprising the steps of: 
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providing a biometric information source ( Col 5, lines 61-64) and comparing the 
biometric information source against stored templates associated with the 
biometric information source;( Col 5, lines 64-68) and for, in dependence upon a 
comparison result pairing biometric information source with a first individual 
identity;( Col 6, lines 1-3) providing a data key associated with a second 
individual identity;(Col 6, lines 14-17) the data key being other than stored on the 
computer system; (Col 6, lines 17-24) retrieving encoded security data 
associated with the biometric information, and using the key data for decoding 
the encoded security data. (Col 8, lines 54-61) 

Regarding claims 7 and 18: A method of securing security data stored on a 
computer system according to claim 6, wherein the decoded security data is for 
performing at least one of encrypting and decrypting data on the computer 
system. ( Col 8, line 66 through Col 9, line 6) 

* 

Regarding claim 8: A method of securing security data stored on a computer 
system according to claim 6, wherein the decoded security data is for allowing 
access of the data to the identified individual. (Col 9, lines 7-18) 

Regarding claim 9. A method of securing security data stored on a computer 
system according to claim 6, wherein the step of accepting biometric information 
source comprises imaging the biometric information source using a contact 
imager. (Col 3, lines 4-1 1 and Col 4, lines 4-11) 
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Regarding claim 10: A method of securing security data stored on a computer 
system according to claim 9, wherein the contact imager is a fingerprint imager. 
(Col 3, lines 4-1 1 and Col 4, lines 4-11) 

Regarding claims 14 and 21: Bjorn discloses the method of securing data as 
defined in claim 13, wherein the step of providing a first information sample to a 

i 

computer system comprises the step of: hashing the first information sample to 
produce a first hash value. (Col 3, lines 44-59) 

Regarding claim 1 5: Bjorn doesn't discloses the method of securing data as 
defined in claim 13, comprising the steps of: 

providing a second other information sample to the computer system; hashing 
the second information sample to produce a second hash value; encoding the 
key data in dependence upon the second hash value to produce second security 
data; and securing the second security data in dependence upon at least one of 
the at least one biometric information sample. 

Regarding claim 15: Bjorn discloses the method of securing data as defined in 
claim 13, comprising the steps of: 
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providing a second other information sample to the computer system;(Col 3, lines 
28-36) 

hashing the second information sample to produce a second hash value; (Col 3, 
lines 44-46) 

encoding the key data in dependence upon the second hash value to produce 
second security data; and ( Col 3, lines 54-65) 

securing the second security data in dependence upon at least one of the at least 
one biometric information sample. ( Col 4, lines 8-20) 

Regarding claim 20: Bjom discloses the method of securing data according to 
claim 19, comprises the steps of: providing a first information sample to a 
computer system for decoding the encoded biometric sample; (Col 4, lines 60-63 
and item 340 of FIG. 3) and comparing the decoded biometric sample against 
stored templates associated with the biometric information source. ( Col 4, lines 
64-67 and item 345 of FIG. 3) 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains! Patentability shall not be negatived by the manner in which the 
invention was made. 
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5. Claims 11,12,16, and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bjom US (6,035,398) in view of Gressel US (6,31 1 ,272). 

Regarding claims 1 1 and 16: Bjorn disclose the method of securing security data 
stored on a computer system according to claim 6, wherein the step of providing 
the data key comprises the step of providing a public/private key pair (Col 8, lines 
54-61 ) but he doesn't explicitly disclose the step of providing the data key 
comprises the step of providing, however Gressel discloses a biometric 
authentication system where he teaches the using of a password or a shared 
secret to retrieve and decrypt decryption key stored on memory using biometric 
techniques ( Col 5, lines 56-65) . Therefore it would have been obvious to one 
ordinary skilled in the art at the time the invention was made to modify Bjorn 
system with the teachings of Gressel to include provide a password through the 
authentication process. One would be motivated to do so in order to enable the 
system to provide the decryption key to the user by authenticating the user using 
a password or PIN that is usually easier for the user to remember and keeping 
the decryption key in a secure area. 

Regarding claims 12 and 17: Bjorn discloses the method of securing security 
data stored on a computer system according to claim 6, wherein the step of 
providing the data key comprises the step of providing information stored on a 
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database ( Col , lines ) but he doesn't explicitly disclose the step of providing the 
data key comprises the step of providing information stored on smart card. 
However Gressel discloses a biometric authentication system where he teaches 
storing decryption key on a smart card and using a shared key to retrieve and 
decrypt decryption key stored on the smart card (Col 3, Lines 50-55 and Col 8, 
lines 28-38). Therefore it would have been obvious to one ordinary skilled in the 
art at the time the invention was made to modify Bjorn invention with the 
teachings of Gressel to provide a data key stored the smart card. One would be 
motivated to do so in order to eliminate any possibility of the decryption key being 
compromised during operation and to provide higher degree of security against 
physical attacks. Additionally using the smart card enables the system to provide 
a higher degree of mobility for the users. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Firas Alomari whose telephone number is 
(571) 272-7963. The examiner can normally be reached on M-F from 7:30 am - 
4:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, AYAZ SHEIKH can be reached on (571) 272-3795. The 
fax phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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Examiner 
Art Unit 2136 



FA 



AYAZ SHEIKH 
SUPERVISORY PATENT EXAMINED 
TECHNOLOGY CENTER 2100 




